Overview

overview

10

Static

static

10

SUNBURST/A...34.dll

windows7_x64

1

SUNBURST/A...34.dll

windows10_x64

1

SUNBURST/A...77.dll

windows7_x64

1

SUNBURST/A...77.dll

windows10_x64

SUNBURST/A...bc.dll

windows7_x64

1

SUNBURST/A...bc.dll

windows10_x64

1

SUNBURST/A...d6.dll

windows7_x64

1

SUNBURST/A...d6.dll

windows10_x64

1

SUNBURST/A...af.dll

windows7_x64

1

SUNBURST/A...af.dll

windows10_x64

1

SUNBURST/A...8d.dll

windows7_x64

1

SUNBURST/A...8d.dll

windows10_x64

1

SUNBURST/A...71.dll

windows7_x64

1

SUNBURST/A...71.dll

windows10_x64

1

SUNBURST/F...ad.dll

windows7_x64

1

SUNBURST/F...ad.dll

windows10_x64

1

SUNBURST/F...e5.dll

windows7_x64

1

SUNBURST/F...e5.dll

windows10_x64

1

SUNBURST/F...6d.exe

windows7_x64

1

SUNBURST/F...6d.exe

windows10_x64

1

SUNBURST/F...91.exe

windows7_x64

1

SUNBURST/F...91.exe

windows10_x64

1

SUNBURST/F...0c.dll

windows7_x64

1

SUNBURST/F...0c.dll

windows10_x64

3

SUNBURST/F...d9.dll

windows7_x64

8

SUNBURST/F...d9.dll

windows10_x64

8

SUNBURST/F...a6.exe

windows7_x64

3

SUNBURST/F...a6.exe

windows10_x64

3

SUNBURST/F...65.exe

windows7_x64

1

SUNBURST/F...65.exe

windows10_x64

1

SUNBURST/F...40.exe

windows7_x64

1

SUNBURST/F...40.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DarkHalo.zip

  • Size

    253.2MB

  • Sample

    201226-nxtdbecye6

  • MD5

    b663a67d0ad56dd74bf241c8ff019ea3

  • SHA1

    5f0c2f900b2b6384a3bcdfd52a8d7456c7cc61f3

  • SHA256

    f9cf0fafb332a52c2d95e3d18ad6b0f3d7836166fb105cb38970bec2bddd1daa

  • SHA512

    12e5a89ddc2894643c08f0991034518104da96ba3e80f4f0b74e1be0d5ebdbaa07c95f5c1cee8cd7a2e8ab7554969db661272559ffd43aba862ed9e0e32d88db

Score
10/10
sunburstsupernovateardropbackdoordropper

Malware Config

Targets

    • Target

      SUNBURST/APT_Backdoor_SUNBURST/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134

    • Size

      1003KB

    • MD5

      2c4a910a1299cdae2a4e55988a2f102e

    • SHA1

      2f1a5a7411d015d01aaee4535835400191645023

    • SHA256

      019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134

    • SHA512

      5cbfefe612a40c8872a0faf3db8d3835dc514fb3df159610095b47c595c6caa1ada79cce2b10fb99e648990c3f54f63344d1fa7025090bfcd4e2c55d7210a28d

    Score
    1/10
    behavioral1behavioral2

    • Target

      SUNBURST/APT_Backdoor_SUNBURST/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77

    • Size

      987KB

    • MD5

      b91ce2fa41029f6955bff20079468448

    • SHA1

      76640508b1e7759e548771a5359eaed353bf1eec

    • SHA256

      32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77

    • SHA512

      6a81f082f36ccbda48070772c5a97e1d7de61ad77465e7befe8cbd97df40dcc5da09c461311708e3d57527e323484b05cfd3e72a3c70e106e47f44cc77584bd7

    Score
    1/10
    behavioral3behavioral4

    • Target

      SUNBURST/APT_Backdoor_SUNBURST/a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc

    • Size

      912KB

    • MD5

      e18a6a21eb44e77ca8d739a72209c370

    • SHA1

      5e643654179e8b4cfe1d3c1906a90a4c8d611cea

    • SHA256

      a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc

    • SHA512

      17b4de6158de054c02849bb728b9767208d3f07ef18d4dc41963a370d34e9dbcf7cc4b729726903f1a7afd4ef7e8c1d781c20a3049a2c160dede23614352f11c

    Score
    1/10
    behavioral5behavioral6

    • Target

      SUNBURST/APT_Backdoor_SUNBURST/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6

    • Size

      1003KB

    • MD5

      846e27a652a5e1bfbd0ddd38a16dc865

    • SHA1

      d130bd75645c2433f88ac03e73395fba172ef676

    • SHA256

      ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6

    • SHA512

      c26e275b4232be844f6c4062a4f42413099452085060ed4080b880b52800428cd32f69271c98977fa979a89355fbb3b485855ca3d51499bca12dfbf8c3168d2f

    Score
    1/10
    behavioral7behavioral8

    • Target

      SUNBURST/APT_Backdoor_SUNBURST/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af

    • Size

      918KB

    • MD5

      3e329a4c9030b26ba152fb602a1d5893

    • SHA1

      ebe711516d0f5cd8126f4d53e375c90b7b95e8f2

    • SHA256

      d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af

    • SHA512

      95f0308b8b9c1263c3318e4577446572190e508c9fbb87f3170dd1bfe104e01bfcb97537648eca4ef123e3f15d79b53ea702553a7433dbaf3d543b045d2ecb3e

    Score
    1/10
    behavioral9behavioral10

    • Target

      SUNBURST/APT_Dropper_Win64_TEARDROP/6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d

    • Size

      200KB

    • MD5

      393702fab1c5d09d9f94e8a63114746d

    • SHA1

      e1ebab8ed84dc10b95a1f68c812ecbf6d8f350f8

    • SHA256

      6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d

    • SHA512

      8ef68235a7e839be2f411269da8508957caa4d15cf94848560067aecfc5776ea71053dc6322607de79c0e6b78a2dee0172d0b2ed2c555a0ff1c04e6e551ec5e2

    Score
    1/10
    behavioral11behavioral12

    • Target

      SUNBURST/APT_Webshell_SUPERNOVA/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71

    • Size

      7KB

    • MD5

      56ceb6d0011d87b6e4d7023d7ef85676

    • SHA1

      75af292f34789a1c782ea36c7127bf6106f595e8

    • SHA256

      c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71

    • SHA512

      f7eac6ab99fe45ca46417cdca36ba27560d5f8a2f37f378ba97636662595d55fa34f749716971aa96a862e37e0199eb6cb905636e6ab0123cfa089adba450629

    Score
    1/10
    behavioral13behavioral14

    • Target

      SUNBURST/FalsePositives/0201b92d3d877df4de0d109ce6f3d647cfde3ab9d881f8cddc10d4bb8e5f21ad

    • Size

      549KB

    • MD5

      b32892d699c39949e9b648d6b72fe5cf

    • SHA1

      b67048acde6f73e76a5004331130824fa810670e

    • SHA256

      0201b92d3d877df4de0d109ce6f3d647cfde3ab9d881f8cddc10d4bb8e5f21ad

    • SHA512

      6c73cd30febac92a59785bac5b13d25b5485e9e0e16ec82e6053f5ec6e342f42dd0273dd8548630946594816bc9bb7af18e6a87f15afa07cb5106d6df9f966b6

    Score
    1/10
    behavioral15behavioral16

    • Target

      SUNBURST/FalsePositives/191a0fc897f798860c541f0e3fcd496f5d586f54c967d6e21621d974ebdd9de5

    • Size

      550KB

    • MD5

      a4f94f3896f4730cc7709e3b14888c5d

    • SHA1

      09b74bdbfcafd87e175abba843495b007ed65b3b

    • SHA256

      191a0fc897f798860c541f0e3fcd496f5d586f54c967d6e21621d974ebdd9de5

    • SHA512

      ad67d439f81d431d38a87a59fd2c392099e5dfee971c5573a25cab2e909dd2b21b885f30fc2ec158f7ff0f4c6e3f64efd2fa4a89f5698776e133e4b3ed79ddec

    Score
    1/10
    behavioral17behavioral18

    • Target

      SUNBURST/FalsePositives/e8593c908f6ac1656d5261073be7df756b5dd5dd428742c090e2c0ad983df56d

    • Size

      15.7MB

    • MD5

      175551a90483d2a011e0b15f35403e2e

    • SHA1

      03f7f1e201317699160b91de63d0d0a63f3b966d

    • SHA256

      e8593c908f6ac1656d5261073be7df756b5dd5dd428742c090e2c0ad983df56d

    • SHA512

      944c7f16ea535ff784a8f13d9670d23857ef3df9da779816a9765facd5ffd513c2be12d44b70215f686643b00b2da9dc88fd7f78731aaeeb0377e6ef1c840305

    Score
    1/10
    behavioral19behavioral20

    • Target

      SUNBURST/FireEyeTools/0340043481091d92dcfb2c498aad3c0afca2fd208ef896f65af790cc147f8891

    • Size

      209KB

    • MD5

      66e0681a500c726ed52e5ea9423d2654

    • SHA1

      22109552d6af71d392de199e21ae272009db608a

    • SHA256

      0340043481091d92dcfb2c498aad3c0afca2fd208ef896f65af790cc147f8891

    • SHA512

      16a8d31efb8ecedc497fea2e0096684a9bbb554416fcf45ec82ece1939d710d385f0d9e09787f300b057d8e3d46427f2b98cdb4a381c050dae4ed041e3f9324a

    Score
    1/10
    behavioral21behavioral22

    • Target

      SUNBURST/FireEyeTools/078403b4e89ff06d2fe2ed7e75428a381f83ffb708dbd01b0220767498947f0c

    • Size

      14KB

    • MD5

      5125979110847d35a338caac6bff2aa8

    • SHA1

      218651ac5b575c3f9642c2e9a5928aa22fab8483

    • SHA256

      078403b4e89ff06d2fe2ed7e75428a381f83ffb708dbd01b0220767498947f0c

    • SHA512

      a19ceab78ee6d84ee1b8d42118e428f4f2e4b4500081fe8e1c38beed5386a692149113af01577e8f7b95034f2f2610be097385313bcb87d409470b78010bb369

    Score
    3/10
    behavioral23behavioral24

    • Target

      SUNBURST/FireEyeTools/1cf5710e500a423b84b51fa3afdd923fe0a8255c5817d3238175623e2ebbfad9

    • Size

      688KB

    • MD5

      a91bf61cc18705be2288a0f6f125068f

    • SHA1

      d535de08875cef1c49bfa2532281fa1254a8cb93

    • SHA256

      1cf5710e500a423b84b51fa3afdd923fe0a8255c5817d3238175623e2ebbfad9

    • SHA512

      a7c9a05f0d1a2b868ec608ac4dc116fd79fb36728bc4f371e9eab3cadb869b6ac53dd97cbf64a7d18ce237430cdd08f64ebab7b68ac39f3bf486d772be3a96dc

    Score
    8/10

    • Blocklisted process makes network request

    behavioral25behavioral26

    • Target

      SUNBURST/FireEyeTools/82cce26c60a5105e6caf5ac92eabb3dedcd883cd075f2056f27b0ec58aefaaa6

    • Size

      17KB

    • MD5

      562ecbba043552d59a0f23f61cea0983

    • SHA1

      472af2b122c23bf0ca10c78d389a5a7f030a3536

    • SHA256

      82cce26c60a5105e6caf5ac92eabb3dedcd883cd075f2056f27b0ec58aefaaa6

    • SHA512

      96e57af877fb1b6c6508326c25e44f01613342eeee731d49ba68fe82fdd3ea6aa82fc4bbad8fdee2ace3081a89792fb2b5b57f6a8dc533113f9c01c0f1141c1b

    Score
    3/10
    behavioral27behavioral28

    • Target

      SUNBURST/FireEyeTools/a022820a62198fa3e3b89749b38db1cc3a09136524682fb99a3ce36652725065

    • Size

      972KB

    • MD5

      e0683f8ee787313cfd2c61cd0995a830

    • SHA1

      28a15a0b532c47110297aa6f4f46bad4d72235a2

    • SHA256

      a022820a62198fa3e3b89749b38db1cc3a09136524682fb99a3ce36652725065

    • SHA512

      92ce634d72e5431cec976d640f48de7a123a8550b11b8be584958a026633ef78c7b62465f463d56b75ad97a20ae7d79e68b47a114b60c43d407d9e95f7f1d5dd

    Score
    1/10
    behavioral29behavioral30

    • Target

      SUNBURST/FireEyeTools/b6ef03aec5d10e371f0b06c661036d838ef55fa7dc75cf91fca3622bdefa8140

    • Size

      14KB

    • MD5

      c74ebb6c238bbfaefd5b32d2bf7c7fcc

    • SHA1

      b98cded462dfd80c682c953830e3df744cac756d

    • SHA256

      b6ef03aec5d10e371f0b06c661036d838ef55fa7dc75cf91fca3622bdefa8140

    • SHA512

      8e4e17fa0aa114c37f3b5385031583d59705c6b0a01a5c91c24dffa2ee5b591196595de1622fb0af42eeaa307ab23db23054e29b4883b9439f8bcb6e90676eb1

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

backdoordroppersunburstteardropsupernova
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
3/10

behavioral25

Score
8/10

behavioral26

Score
8/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10